New Peer to Peer App - Earthstation 5 - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 25

Thread: New Peer to Peer App - Earthstation 5

  1. #11
    Senior Member
    Join Date
    Jan 2003
    Posts
    120
    I have a little querstion. Here is a quote from the site

    PGPDisk - As an additional security feature, to all P2P programs, is that ES5 integrates seamlessly with PGPDisk (which is a free program and will be provided by ES5 to its users) that lets you encrypt your disk drives to store your P2P content. No one except you will ever be able to see your files , not your kids, your spouse, your mother, your boss, the FBI , the KGB or anyone else!
    How could that be true i thought PGP could be cracked?
    http://www.AntiOnline.com/sig.php?imageid=517

    the Open Source model doesn\'t offer any great benefit in
    terms of reliability and security. -Bill Gates

  2. #12
    Senior Member
    Join Date
    Apr 2002
    Posts
    634
    With a good encryption and a good passphrase, PGP can be cracked...after something like 50 years of computer calculations.
    Life is boring. Play NetHack... --more--

  3. #13
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    I was wondering when something like this would come out.
    The idea is not new... it is just now being applied to p2p fileswap programs.

    To see a similar project... check out freenet.

    Think about it. How the hell would you discover this on your network? Protocol analyzers will be useless, sniffers, yep, they'll be worthless. Firewalls - a trivial joke. If you walk up to the workstation, the damn thing is locked up using PGP keys.
    I was able to install as a "poweruser", but not as just a "user".

    Hmm... maybe an asset manager... to audit every workstaiton and then you can create a report for the workstations whose software changed.

    I use TrackIT to keep track of workstations, system info, help desk calls, software installed on each machine, etc. Nice product... though, I'm not sure the price of it.

    The BSA also has some free tools... maybe incorporate them with a logon script and then maybe look for offending or unauthorized programs. I'm not sure if this process can be automated... as I've never used the tools that the BSA offers. I just use TrackIT and then create reports.

  4. #14
    Senior Member
    Join Date
    Jan 2003
    Posts
    120
    Originally posted here by KissCool
    after something like 50 years of computer calculations.
    Did not know that thx for the info.
    http://www.AntiOnline.com/sig.php?imageid=517

    the Open Source model doesn\'t offer any great benefit in
    terms of reliability and security. -Bill Gates

  5. #15
    Senior Member
    Join Date
    May 2002
    Posts
    344
    And It is always dangerous to let p2p programs on a computers without good protections.
    I completly agree with you on this, but check this out:

    PGPDisk - As an additional security feature, to all P2P programs, is that ES5 integrates seamlessly with PGPDisk (which is a free program and will be provided by ES5 to its users) that lets you encrypt your disk drives to store your P2P content. No one except you will ever be able to see your files, not your kids, your spouse, your mother, your boss, the FBI, the KGB or anyone else!
    go to http://www.earthstation5.com/stealth.html to check out more that es5 has to offer to its users.

    EDIT: woops sorry all of these posts came in so fast, i didnt know someone posted the same stuff i posted above me. sorry about that.
    Support your right to arm bears.


    ^^This was the first video game which i played on an old win3.1 box

  6. #16
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    I've been playing around with this software, and one thing I don't like about it, is I had to start forwarding ports on my router. So once I start doing this, wouldn't open up several new ways for people to get into my computer using tools such as fpipe?

    To me, its not worth the risk
    =

  7. #17
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    TH13:

    pslist -t \\WorkStationName

    incorporate this in a script or for loop and run it
    periodicly and | it threw find "ProcessName" im sure the
    process still shows up.


    for /F "tokens=1" %X in (workstations.txt) do pslist -t %X |find "ProcessName" >>some.txt

    should tell you if its on the network

    haven't tried trackit yet phish but pslist is free from systernals

    if someone would be so kind as to supply the process name !?!
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  8. #18
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018

    An Idea.

    Okay, so stopping this is going to be a pain in the @$$

    How about preventing it from being installed in the first place.

    We could all ask our AV providers to provide extra signature files that identify the apps/install themselves and treat them as a virus - hence the P2P stuff doesn't get onto the network to start with.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  9. #19
    Junior Member
    Join Date
    Sep 2001
    Posts
    27
    [QUOTE
    I was able to install as a "poweruser", but not as just a "user".
    [/QUOTE]

    this looks like one way to stop it, personally the only people on the business network that are power users are myslef and a manager that has no clue about computers, and even his login is restricted using GPO.

    so as long as you set everyones rights to 'user', you should be okay

    Dahquim
    What colour do smurfs go when they hold there breath???

  10. #20
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    This kind of thing usually gets me in trouble...... but sometimes the direct approach works....

    I wrote the following email to ES5's contact, Ras:

    Ras,

    While I appreciate the work you have done with ES5 and fully appreciate any and all efforts to thwart the somewhat idiotic attempts by the MPAA and RIAA to have government enforce their own profit gathering I also have a responsibility to my company to enforce it’s policies within our own network. One of those policies is that copyrighted material may not be downloaded and utilized in breach of any law. We are a non-profit organization, (read: we have no money….<s>), and downloading files such as those ES5 would provide causes clogging of our already limited bandwidth and potentially opens my company up to liability should we be discovered. I appreciate that they way you have written ES5 is quite close to “bullet-proof” but my company can still be sued on verbal evidence, (User X goes running around telling the wrong people how he uses ES5 at work and it can’t be stopped or detected).

    My question: Is there a consistent signature(s) in the initial packets, or subsequent packets that I, as a systems administrator, can capture with an IDS to alert me to your product’s use?

    As I said above, I personally commend you for your work and would recommend your product to any of my users that wish to use a P2P network from their home but I do have a responsibility to my company and I would be negligent should I not try to properly enforce the policies I myself wrote.

    Any assistance in this would be greatly appreciated,
    I will wait to hear his uncontrollable laughter........
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides